�� Win32/Spy.Ranbyus.I

Thu, 04 Jul 2013 19:04:05 +0400

�� Win32/Spy.Ranbyus.I � �� .
�� . �� - ��
04.07.2013 19:04:05, ��.

�� Win32/Spy.Ranbyus.I

Thu, 04 Jul 2013 18:56:10 +0400

�� Win32/Spy.Ranbyus.I � �� .
��! ��, �� . �� zoo ��.
MBAM �� -�� , � �� . �� ?
MBAM-log-2013-07-04 (18-46-55).txt
04.07.2013 18:56:10, ��.

�� Win32/Spy.Ranbyus.I

Thu, 04 Jul 2013 16:36:53 +0400

�� Win32/Spy.Ranbyus.I � �� .
�� !

� �� UVS �� script.cmd
�� , �� ,
�� �� �� �� � �� .
�� , �� !

====code====

;uVS v3.80.11 [http://dsrt.dyndns.org]
;Target OS: NTv6.1

zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\ABB4.TMP.EXE
bl FD9DA86F03D1087E70B4D133699B04F9 127488
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\ABB4.TMP.EXE
zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\B2B7.TMP.EXE
bl 4AA52DCB1B1D0504A0A79AF2E229F748 57344
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\B2B7.TMP.EXE
zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\BA37.TMP.EXE
bl E8301D36CE1B406FBCB48738AF1509E0 208896
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\BA37.TMP.EXE
zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\CD73.TMP.EXE
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\LOCAL\TEMP\CD73.TMP.EXE
zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\ROAMING\FRUDWIBW\VTUDTSRW.EXE
bl 4BF135FBAF09D159B921F906FB73FBC1 86016
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\ROAMING\FRUDWIBW\VTUDTSRW.EXE
zoo %SystemDrive%\USERS\ANDREEVA\APPDATA\ROAMING\PECEPT\SVHCOTS.EXE
delall %SystemDrive%\USERS\ANDREEVA\APPDATA\ROAMING\PECEPT\SVHCOTS.EXE
zoo %SystemRoot%\SYSWOW64\MACHINEUPPER32.EXE
delall %SystemRoot%\SYSWOW64\MACHINEUPPER32.EXE
regt 3
regt 18
deltmp
delnfr
restart

============= � �� ��.
��
�� .

� �� UVS �� zoo, �� , �� virus � �� sendvirus2011@gmail.com

��(�� ) �� MBAM
http://forum.esetnod32.ru/forum9/topic682/
�� �� . ��
04.07.2013 16:36:53, zloyDi.

�� Win32/Spy.Ranbyus.I

Thu, 04 Jul 2013 16:30:19 +0400

�� Win32/Spy.Ranbyus.I � �� .
��, �� , �� explorer.exe. � �� , �� , �� . ��, � �� 32 �� Win32/Spy.Ranbyus.I.
�� uVS
log_03072013.txt
1_2013-07-04_16-00-51.7z
04.07.2013 16:30:19, �� .

����� esetnod32.ru [����: ����� Win32/Spy.Ranbyus.I]

����� Win32/Spy.Ranbyus.I

����� Win32/Spy.Ranbyus.I

����� Win32/Spy.Ranbyus.I

����� Win32/Spy.Ranbyus.I

�� esetnod32.ru [��: �� Win32/Spy.Ranbyus.I]

�� Win32/Spy.Ranbyus.I

�� Win32/Spy.Ranbyus.I

�� Win32/Spy.Ranbyus.I

�� Win32/Spy.Ranbyus.I